From a14496ce891f1f09b10f0459550e8fe095b477b5 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Thu, 17 Oct 2013 16:14:53 +0200
Subject: [PATCH] Devmapper: Mount images readonly when calculating changes

There is no need to have this be writable, and there is a chance
that e.g. atime updates will cause writes to the image which is
bad for disk use wrt sharing between all containers.
---
 devmapper/deviceset_devmapper.go | 12 +++++++++---
 image.go                         |  6 +++---
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/devmapper/deviceset_devmapper.go b/devmapper/deviceset_devmapper.go
index 309a26db79..6f9a237b73 100644
--- a/devmapper/deviceset_devmapper.go
+++ b/devmapper/deviceset_devmapper.go
@@ -650,7 +650,7 @@ func (devices *DeviceSetDM) Shutdown() error {
 	return nil
 }
 
-func (devices *DeviceSetDM) MountDevice(hash, path string) error {
+func (devices *DeviceSetDM) MountDevice(hash, path string, readOnly bool) error {
 	devices.Lock()
 	defer devices.Unlock()
 
@@ -666,9 +666,15 @@ func (devices *DeviceSetDM) MountDevice(hash, path string) error {
 
 	info := devices.Devices[hash]
 
-	err := syscall.Mount(info.DevName(), path, "ext4", syscall.MS_MGC_VAL, "discard")
+	var flags uintptr = syscall.MS_MGC_VAL
+
+	if readOnly {
+		flags = flags | syscall.MS_RDONLY
+	}
+
+	err := syscall.Mount(info.DevName(), path, "ext4", flags, "discard")
 	if err != nil && err == syscall.EINVAL {
-		err = syscall.Mount(info.DevName(), path, "ext4", syscall.MS_MGC_VAL, "")
+		err = syscall.Mount(info.DevName(), path, "ext4", flags, "")
 	}
 	if err != nil {
 		utils.Debugf("\n--->Err: %s\n", err)
diff --git a/image.go b/image.go
index eead33f068..c0596e7c5b 100644
--- a/image.go
+++ b/image.go
@@ -384,7 +384,7 @@ func (image *Image) ensureImageDevice(devices *devmapper.DeviceSetDM) error {
 		return err
 	}
 
-	if err := devices.MountDevice(image.ID, mountDir); err != nil {
+	if err := devices.MountDevice(image.ID, mountDir, false); err != nil {
 		utils.Debugf("Error mounting device: %s", err)
 		devices.RemoveDevice(image.ID)
 		return err
@@ -467,7 +467,7 @@ func (image *Image) Mount(runtime *Runtime, root, rw string, id string) error {
 	}
 
 	utils.Debugf("Mounting container %s at %s for container", id, root)
-	if err := devices.MountDevice(id, root); err != nil {
+	if err := devices.MountDevice(id, root, false); err != nil {
 		return err
 	}
 
@@ -509,7 +509,7 @@ func (image *Image) Changes(runtime *Runtime, root, rw, id string) ([]Change, er
 
 	// We re-use rw for the temporary mount of the base image as its
 	// not used by device-mapper otherwise
-	err = devices.MountDevice(image.ID, rw)
+	err = devices.MountDevice(image.ID, rw, true)
 	if err != nil {
 		return nil, err
 	}